Issue #7052 has been updated by Dominic Maraglia.
Further investigation: Cert generation *always* fails on the first attempt; re-running the same command always passes. This is appear to be an out of order operation error. This is a regression from previous behaviour. Example repro two passes: pass 1 fails, pass 2 succeeds: <pre> [root@cent-55-386-1 ~]# puppet cert --trace --generate working3961.example.org --confdir=/tmp/puppet-ssl-3961 --vardir=/tmp/puppet-ssl-3961 --ssldir=/tmp/puppet-ssl-3961 notice: Signed certificate request for ca notice: Rebuilding inventory file /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:731:in `initialize' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:731:in `open' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:731:in `writesub' /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:162:in `withumask' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:730:in `writesub' /usr/lib/ruby/site_ruby/1.8/puppet/util/suidmanager.rb:62:in `asuser' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:723:in `writesub' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:709:in `write' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/ssl_file.rb:158:in `write' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/ssl_file.rb:98:in `save' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:267:in `save' /usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:68:in `save' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:99:in `crl' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:136:in `generate_ca_certificate' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:222:in `setup' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:146:in `initialize' /usr/lib/ruby/site_ruby/1.8/puppet/application/cert.rb:81:in `new' /usr/lib/ruby/site_ruby/1.8/puppet/application/cert.rb:81:in `setup' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:420:in `hook' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:411:in `exit_on_fail' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:62:in `execute' /usr/bin/puppet:4 Permission denied - /tmp/puppet-ssl-3961/crl.pem [root@cent-55-386-1 ~]# echo $? 23 [root@cent-55-386-1 ~]# puppet cert --trace --generate working3961.example.org --confdir=/tmp/puppet-ssl-3961 --vardir=/tmp/puppet-ssl-3961 --ssldir=/tmp/puppet-ssl-3961 notice: working3961.example.org has a waiting certificate request notice: Signed certificate request for working3961.example.org notice: Removing file Puppet::SSL::CertificateRequest working3961.example.org at '/tmp/puppet-ssl-3961/ca/requests/working3961.example.org.pem' notice: Removing file Puppet::SSL::CertificateRequest working3961.example.org at '/tmp/puppet-ssl-3961/certificate_requests/working3961.example.org.pem' </pre> This error is causing the system test for ticket 3961 to fail [[3961]] ---------------------------------------- Bug #7052: Cert generation fails using "--ssldir" https://projects.puppetlabs.com/issues/7052 Author: Dominic Maraglia Status: Unreviewed Priority: High Assignee: Nigel Kersten Category: Target version: Statler Affected Puppet version: Keywords: cert generation ssldir Branch: Cert generation fails when generating a cert and passing options such as --ssldir. Configuration: <pre> Test Suite: acceptance @ Mon Apr 11 11:25:19 -0700 2011 - Host Configuration Summary - Platform for centos-55-386-1 centos-5-i386 Platform for centos-55-64-1 centos-5-x86_64 Role for centos-55-386-1 agent Role for centos-55-64-1 master Config Key|Val: rubyver "ruby18" Config Key|Val: version {:puppet=>"2.6.7-60-g7b23e59", :facter=>"1.5.8"} Config Key|Val: filecount 12 Config Key|Val: puppet_ver "origin/2.6.next" Config Key|Val: pe_nfs_mount "/mnt/ro/pe" Config Key|Val: gemver "gem12"Config Key|Val: puppetpath "/etc/puppet" Config Key|Val: puppetbinpath "/opt/puppet/bin" Config Key|Val: facter_ver "1.5.8" Config Key|Val: ssh {:user=>"root", :config=>false, :paranoid=>false, :auth_methods=>["publickey"], :port=>22, :user_known_hosts_file=>"/home/djm/.ssh/known_hosts", :keys=>["/home/djm/.ssh/id_rsa"]} Config Key|Val: nfs_server "192.168.97.1" Config Key|Val: puppetbin "/usr/bin/puppet" - Test Case Summary - Attempted: 89 Passed: 86 Failed: 2 Errored: 1 Skipped: 0 - Specific Test Case Status - Failed Tests Cases: Test Case tests/acceptance/ticket_4151_defined_function_should_not_return_true_for_unrealized_virtual_resources.rb reported: #<Test::Unit::AssertionFailedError: Exited with 1. <false> is not true.> Test Case tests/acceptance/ticket_6710_relationship_syntax_should_work_with_title_arrays.rb reported: #<Test::Unit::AssertionFailedError: Exited with 1. <false> is not true.> Errored Tests Cases: Test Case tests/acceptance/ticket_3961_puppet_ca_should_produce_certs.rb reported: #<RuntimeError: Exited with 23> </pre> Example repro: <pre> [root@centos-55-386-1 tmp]# puppet cert --trace --generate working3961.example.org --vardir=/tmp/puppet-ssl-3961 --ssldir=/tmp/puppet-ssl-3961 --confdir=/tmp/puppet-ssl-3961 notice: Signed certificate request for ca notice: Rebuilding inventory file /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:731:in `initialize' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:731:in `open' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:731:in `writesub' /usr/lib/ruby/site_ruby/1.8/puppet/util.rb:162:in `withumask' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:730:in `writesub' /usr/lib/ruby/site_ruby/1.8/puppet/util/suidmanager.rb:62:in `asuser' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:723:in `writesub' /usr/lib/ruby/site_ruby/1.8/puppet/util/settings.rb:709:in `write' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/ssl_file.rb:158:in `write' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/ssl_file.rb:98:in `save' /usr/lib/ruby/site_ruby/1.8/puppet/indirector/indirection.rb:267:in `save' /usr/lib/ruby/site_ruby/1.8/puppet/indirector.rb:68:in `save' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:99:in `crl' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:136:in `generate_ca_certificate' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:222:in `setup' /usr/lib/ruby/site_ruby/1.8/puppet/ssl/certificate_authority.rb:146:in `initialize' /usr/lib/ruby/site_ruby/1.8/puppet/application/cert.rb:81:in `new' /usr/lib/ruby/site_ruby/1.8/puppet/application/cert.rb:81:in `setup' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:420:in `hook' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:411:in `exit_on_fail' /usr/lib/ruby/site_ruby/1.8/puppet/application.rb:304:in `run' /usr/lib/ruby/site_ruby/1.8/puppet/util/command_line.rb:62:in `execute' /usr/bin/puppet:4 Permission denied - /tmp/puppet-ssl-3961/crl.pem [root@centos-55-386-1 tmp]# ll puppet-ssl-3961/ total 44 drwxrwx--- 5 puppet puppet 4096 Apr 11 11:33 ca drwxr-xr-x 2 puppet root 4096 Apr 11 11:33 certificate_requests drwxr-xr-x 2 puppet root 4096 Apr 11 11:33 certs drwxr-xr-x 2 root root 4096 Apr 11 11:33 facts drwxr-xr-x 2 root root 4096 Apr 11 11:33 lib drwxr-x--- 2 puppet puppet 4096 Apr 11 11:33 log drwxr-x--- 2 puppet root 4096 Apr 11 11:33 private drwxr-x--- 2 puppet root 4096 Apr 11 11:33 private_keys drwxr-xr-x 2 puppet root 4096 Apr 11 11:33 public_keys drwxrwxrwt 2 root root 4096 Apr 11 11:33 run drwxr-xr-t 2 root root 4096 Apr 11 11:33 state </pre> -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/puppet-bugs?hl=en.
